package com.hooware.controller;

import com.github.pagehelper.PageInfo;
import com.hooware.domain.Orders;
import com.hooware.service.IOrdersService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;

import javax.annotation.security.RolesAllowed;
import java.util.List;

@Controller
@RequestMapping("/orders")
public class OrdersController {

    @Autowired
    IOrdersService ordersService;

    @RequestMapping("/findAll.do")
//    @RolesAllowed("ADMIN")
//    @Secured("ROLE_ADMIN")
    @PreAuthorize("hasRole('ROLE_ADMIN')")  // 表达式权限控制
    public String findAll(Model model, int page, int size) {
        List<Orders> orders = ordersService.findAll(page, size);
        // 分页配置
        PageInfo pi = new PageInfo(orders);
//        List ordersList = pageInfo.getList();
        model.addAttribute("pi", pi);
        System.out.println("页面访问所有订单: Access OrdersController ===> findAll.do --> " + pi.getList());
        return "orders-list";
    }

    @RequestMapping("/findById.do")
    @PreAuthorize("authentication.principal.username == 'hooway'")  // 只有用户hooway才可以查看详情
    public ModelAndView findById(String id) {
        ModelAndView mav = new ModelAndView("orders-show");
        Orders orders = ordersService.findById(id);
        System.out.println("页面访问订单详情: Access OrdersController ===> findAll.do --> " + orders);
        mav.addObject("orders",orders);
        return mav;
    }
}
